Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! ΞΞ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

Looking for a bit more than customer support, and want to learn more about what cryptostorm is , what we've been announcing lately, and how the cryptostorm network makes the magic? This is a great place to start, so make yourself at home!

Cryptostorm has a long history of pushing past the assumed limits of the possible & providing previously-unavailable levels of privacy protection to our customers. Our Terms of Service (ToS) are no exception. In fact, years ago, one of our co-founders published an article in the legendary 2600 Magazine on Terms of Service in tech projects - "RTF... ToS" - highlighting what to look for when choosing tech components. If you're curious, you can read a copy of that article here. Our own ToS are short, direct, and we hope quite clear.

First, as a precursor of sorts, we established the cryptostorm network to assist people throughout the world in a mature effort to protect individual freedom while on the Internet. You may also label us a network transport provider: this means we pass encrypted packets back and forth, PERIOD. The company does not host content, serve resources, or log anything you are doing - none of that is our business. In fact, as part of our business model we have stood tall and reached out to dissidents in places such as Iran, Tibet, and Cuba (just to name a few), providing free accounts to those trying to get honest current information out to friends, family, and people on the 'net as a whole. We believe these efforts - while not directly profitable to us economically - provide a more than worthwhile return both to the global community, and to the betterment of the Internet.

Second, we ask that you don't do anything blatantly dumb whilst using our service. Please do not send massive volumes of spam through our network. It adds to our workload, and it just ends up getting our IP's blocked from big chunks of IP-space (which means your spam won't arrive anyway); in other words, sending spam via cryptostorm is overflowing with pathetic n00b. Our network is also not a place to 'hack' from (related: nor are we a good transit path through which to route your DDoS attacks, not even c&c; use IRC or sneaky SYN payloads, or whatever... just not us). If you don't know why that's true - and you don't already know how to cover your ass without using a commercial VPN service - then you'd best fucking think twice about what you're doing, 'cause you are in waaaaay over your head. Our $0.02. We won't betray you if you do, but there's smarter ways to cover your tracks doing such things. Point being: if you don't already know that, then you shouldn't be hacking or DDoSing anyway. Crawl, walk, run... that sort of thing.

Third, we request that you not push any sort of child porn or underage sexual content through our network. The company has always been opposed to it. We're honest and forthright, and we ask that you respect that. We don't packet sniff, log anything at all, or have an 'Abuse Team' (as many of our competitors do, whether they admit it or not) - but we do have a crack staff that will do anything within their power (outside of compromising our company stance on customer privacy) to put a stop to CP pushing across our network. Same goes for terrorist-related activities. Don't, seriously. We're not designed to protect either of those areas of activity - CP or terrorism - and we don't expect to be asked to. Yes, there's plenty of grey areas in those definitions; we get that. But if you're well beyond the grey and you're doing really bad shit, don't use us. We're not morality police and we're not here to enforce the world's laws (nor are we legally obligated to do so - we're not cops and have no desire to be such), but we're also not running this network so you can sell CP or plan to kill people (or other beings). Protip: use Tor. Actually, just don't do either of those things, and the world will be a better place. Again, our $0.02.

~ ~ ~In conclusion, your account will be maintained by us and we will not shut you off for anything other than non-payment, possibly being a total dick on our forum (really, really unlikely - we haven't done it yet), or if we determine you have violated something in the paragraph above (CP or terrorism). If we do shut you off, we will also refund your current subscription payment (assuming we can find you to issue you a refund, obviously). And, obviously, we'll both tell you why and provide you the opportunity to show we're misinformed. We receive hundreds of DMCA letters a week and respond to them individually; possibly we will post some in the future (the ones with cool titles), but since we don't track anything and you're smart enough not to use the same email address or user id here at cryptostorm as you do during your 'l337' torrenting sprees, our customers have never had to deal with one of these DMCA harassment letters getting through us to them... and they never will.

We occasionally update these ToS - almost always minor grammatical edits, or small additions to clarify points. What's posted here is the most current revision (we don't do formal versioning of our ToS or push them via Github or anything; it just seems a bit much). Were we do any nontrivial edits, we'd make notice via our twitter feed, and here of course. But, here's the thing: we're not going to change them. They've been like this for coming on seven years. That's how it is.

If you have more questions, email us or ask right here in this very thread (click "reply" button, no registration required). If you think our ToS sucks, tell us - and then don't buy or use our service. A thousand pardons if you were expecting countless pages of pointless legalese: not our style.

{formatting and links not copied to this archival shapshot, for administrative efficiency's sake... if you want to add them in via a reply/quote to this post, we'll be happy to incorporate into the production archival post & we'll thank you for your assistance ~admin}

Terms of Service

Cryptostorm has a long history of pushing past the assumed limits of the possible & providing previously-unavailable levels of privacy protection to our customers. Our Terms of Service (ToS) are no exception. In fact, years ago, one of our co-founders published an article in the legendary 2600 Magazine on Terms of Service in tech projects - "RTF... ToS" - highlighting what to look for when choosing tech components. Our own ToS are short, direct, and we hope quite clear.

First, as a precursor of sorts, we established the cryptostorm network to assist people throughout the world in a mature effort to protect individual freedom while on the Internet. You may also label us a network transport provider: this means we pass encrypted packets back and forth, PERIOD. The company does not host content, serve resources, or log anything you are doing - none of that is our business. In fact, as part of our business model we have stood tall and reached out to dissidents in places such as Iran, Tibet, and Cuba (just to name a few), providing free accounts to those trying to get honest current information out to friends, family, and people on the 'net as a whole. We believe these efforts - while not directly profitable to us economically - provide a more than worthwhile return both to the global community, and to the betterment of the Internet.

Second, we ask that you don't do anything blatantly dumb whilst using our service. Please do not send massive volumes of spam through our network. It adds to our workload, and it just ends up getting our IP's blocked from big chunks of IP-space (which means your spam won't arrive anyway); in other words, sending spam via cryptostorm is overflowing with pathetic n00b. Our network is also not a place to 'hack' from (related: nor are we a good transit path through which to route your DDoS attacks, not even c&c; use IRC or sneaky SYN payloads, or whatever... just not us). If you don't know why that's true - and you don't already know how to cover your ass without using a commercial VPN service - then you'd best fucking think twice about what you're doing, 'cause you are in waaaaay over your head. Our $0.02. We won't betray you if you do, but there's smarter ways to cover your tracks doing such things. Point being: if you don't already know that, then you shouldn't be hacking or DDoSing anyway. Crawl, walk, run... that sort of thing.

Third, we request that you not push any sort of child porn or underage sexual content through our network. The company has always been opposed to it. We're honest and forthright, and we ask that you respect that. We don't packet sniff, log anything at all, or have an 'Abuse Team' (as many of our self-styled "competitors" do, whether they admit it or not) - but we do have a crack staff that will do anything within their power (outside of compromising our company stance on customer privacy) to put a stop to CP pushing across our network. Same goes for terrorist-related activities. Don't, seriously. We're not designed to protect either of those areas of activity - CP or terrorism - and we don't expect to be asked to. Yes, there's plenty of grey areas in those definitions; we get that. But if you're well beyond the grey and you're doing really bad shit, don't use us. We're not morality police and we're not here to enforce the world's laws (nor are we legally obligated to do so - we're not cops and have no desire to be such), but we're also not running this network so you can sell CP or plan to kill people (or other beings). Protip: use Tor. Actually, just don't do either of those things, and the world will be a better place. Again, our $0.02.

~ ~ ~

In conclusion, a valid network access token gains you access to the cryptostorm darknet, period. As a result of our token-based authentication model, there's structurally no way we can "shut off" an individual customer (even if we wanted to, which we don't): we don't have "customers," we have authenticated network members. As a packet-routing service, we're in the business of (securely) routing authenticated packets - not in "selling subscriptions" or "managing customers." Irrespective of that, we receive hundreds of DMCA letters a week - and respond to them individually with a (mostly) polite explanation of our operational model, cryptographic framerwork, and member-agnostic authentication topology. Most of these letters come from spambots run by shady copytrolls: these spam operations are illegal in numerous global jurisdictions, although of course LEO doesn't prosecute them since they often have strong political connections (rule of law, eh?). We've been explaining the reality of things to spambot copytrolls for more than half a decade, but the "demand letters" for us to "takedown" content we neither host nor control keep on comin'... lol. No matter; our network members have never had to deal with a single one of these DMCA harassment letters... and they never will.

We occasionally update these ToS - almost always minor grammatical edits, or small additions to clarify points. What's posted here on this page is the most current revision (we don't do formal versioning of our ToS or push them via Github or anything; it just seems a bit much). Were we do any nontrivial edits, we'd make notice via our twitter feed, and in the forum (of course). But, here's the thing: we're not going to change them. They've been like this for coming on seven years. That's how it is.

If you have more questions, message us or ask in our dedicated forum thread. If you think our ToS suck, tell us - and then don't buy or use our service. A thousand pardons if you were expecting countless pages of pointless legalese: not our style.

I said it on Twitter and I will repeate it here:"You don't need to be a lawyer to understand and appreciate this revision of the ToS as a change for the better."

but that doesn't mean I won't put in my two cents...The interesting changes start at "In conclusion..."From a practical viewpoint this seemingly small edit changes EVERYTHING I saw before at any VPN provider. It's all thanks to the ingenious idea of Network Auth Tokens that completely separates the VPN Service from any user authentication or customer relationship and all the nasty consequences that arise from those.

I'm just a small soon to be IT-Jurist but as far as I can tell you need an awesome team consisting of both IT-Specialists and Lawyers to draft such a concept and a very dedicated crew to put this into action. Call me crazy but I guess the team or some other people had to do a lot of philosophical preparatory work to just grasp the entirety of underlying problems concerning this matter.

This might be one of the many much-needed answers we have to find in the never ending battle against surveillance and oppression in our ever-changing world.

Yes, those are some very strong words but I see them fit. Cryptostorm is the product of some people that got their shit together, sat down, thought out a solution and acted on it. So credit where credit is due. I take my hat off to you!

I'm looking forward to see how things will work out in the long run and gladly enjoy the ride while I'm at it.